packages/samba
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
samba/backport-0012-CVE-2020-25717-s4-auth-ntlm-make-sure-auth_check_pas.patch
haochenstar 8378df4821 fix CVE-2020-25717,CVE-2020-25718,CVE-2020-25719,CVE-2020-25721,CVE-2020-25722,CVE-2016-2124,CVE-2021-3738 
(cherry picked from commit aee849c6c0708056f62f6445e3b5274d1cec6408)
2022-01-19 11:41:35 +08:00

40 lines
1.2 KiB
Diff
Raw Blame History

From 66cd97e558cdb57bff2dfc2bf8734b0ee12f648e Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 4 Oct 2021 17:29:34 +0200
Subject: [PATCH 104/266] CVE-2020-25717: s4:auth/ntlm: make sure
auth_check_password() defaults to r->out.authoritative = true
We need to make sure that temporary failures don't trigger a fallback
to the local SAM that silently ignores the domain name part for users.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
source4/auth/ntlm/auth.c | 5 +++++
1 file changed, 5 insertions(+)
Conflict:NA
Reference:https://git.samba.org/samba.git/?p=samba.git;a=patch;h=66cd97e558cdb57bff2dfc2bf8734b0ee12f648e
diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c
index 1aa2e3b065f..e0c4436343c 100644
--- a/source4/auth/ntlm/auth.c
+++ b/source4/auth/ntlm/auth.c
@@ -169,6 +169,11 @@ _PUBLIC_ NTSTATUS auth_check_password(struct auth4_context *auth_ctx,
/*TODO: create a new event context here! */
ev = auth_ctx->event_ctx;
+ /*
+ * We are authoritative by default
+ */
+ *pauthoritative = 1;
+
subreq = auth_check_password_send(mem_ctx,
ev,
auth_ctx,
--
2.23.0
Reference in New Issue View Git Blame Copy Permalink